## https://sploitus.com/exploit?id=24CBFB55-FC48-5243-A887-4837C0A83F72
# Security Advisory: CVE-2026-30741
Product: OpenClaw Agent Platform
Affected Versions: v2026.2.6 and earlier
Vulnerability Type: Remote Code Execution (RCE) via Request-Side Prompt Injection
Description: A lack of integrity validation for upstream API requests allows for request-stream poisoning. This induces high-performance models to generate unauthorized terminal commands executed via MCP tools without human confirmation.
Credit: Namedless
Reference: CNVD-2026-11444